Privacy Policy - Finomachine /

Who We Are – Personal Data Protection Policy (effective from July 15, 2025)

1. Data Controller

“Ioannis Pappas S.A.” (VAT 094288678, Tax Office of KEPHODE Attica), headquartered at 49 Petrou Ralli, Tavros 17778 (hereinafter “the Company”), is the data controller of your personal data collected through the website finomachine.gr, in accordance with the GDPR (Regulation (EU) 2016/679), the ePrivacy Directive, and Greek & European legislation.

2. What Data We Collect & Why

A. Contact forms: full name, email, message content. These are used solely to communicate with you and are retained for up to 6 months after resolution.
B. Technical–operational data: IP address, device type, browser, usage and navigation information. These are used to improve services and user experience, based on legitimate interest, and are retained for up to 14 months.
C. Maintenance data: records of issues, performance, and uptime. These are retained for up to 14 months and support the operation of the system.

3. Legal Basis for Processing

Consent: e.g., communication through a form. It can be withdrawn at any time without affecting the processing carried out prior to withdrawal.
Legitimate interest for technical support, website protection, and service improvement.
Legal obligations in case of judicial or other authorities.
Legitimate interests for the protection of the company’s rights.

4. Cookies & Similar Technologies

Technical, functional, and statistical cookies are used. Detailed information about types and duration can be found in a separate Cookies Policy. The use of non-essential cookies occurs only with your explicit consent.

5. User Rights

Under the GDPR, you have the following rights:

The right to access, correct, update, delete, or restrict the processing of your data.
The right to data portability
The right to object or request deletion.
The right to withdraw consent (without retroactive effect on lawful processing).
The right to file a complaint with the Data Protection Authority (www.dpa.gr).

For the above purposes, contact:
marketing@finomachine.gr.

6. Data Retention

Data are retained only as long as required for the purpose of collection. Once this purpose is fulfilled, they are deleted in accordance with Law 4624/2019 and the GDPR.

7. Data Sharing with Third Parties

It may be shared with:

Service providers (e.g., hosting, support, analytics), under a data processing agreement.
Public/investigative authorities upon a lawful request.
In the event of a sale or merger, data may be transferred to the new controllers under the same terms.
Transfers outside the EEA are carried out using appropriate safeguards (e.g., SCCs, Binding Corporate Rules).

8. Data Security

The Company implements appropriate technical and organizational measures: TLS/SSL, SHA‑256, backups, and restricted access. In the event of a security incident (data breach), the procedures provided by the GDPR will be followed (notification to the Authority within 72 hours, and, if required, to affected users).